Hierarchical Navigation

Viewing Options

Do you want to scale your infrastructure to perform tens of millions of IPv4 to IPv6 address translations? Do you need to support a powerful distributed denial of service (DDoS) attack mitigation solution? The Cisco® Carrier-Grade Services Engine (CGSE) for the Cisco Carrier Routing System (CRS) is an ideal platform for these services. The Cisco CGSE is a single-slot module supported on all models of proven, high-end Cisco carrier-class routing system, including the Cisco CRS-1 Carrier Router and CRS-3 platform.

The Cisco CGSE for the Cisco CRS (Figure 1) is an integrated multi-CPU service module offering carrier-class performance and scale in support of both the Cisco Carrier-Grade IPv6 (CGv6) Solution and a DDoS mitigation solution. This data sheet provides detailed product specifications for the Cisco CGSE module and details about the Cisco CGv6 Solution and the DDoS mitigation software available on the Cisco CGSE.

Product Overview

The Cisco CGv6 Solution, running on one or more Cisco CGSE modules inside of a Cisco CRS, can scale to tens of millions of IP address translations with tens of gigabits of performance. It’s an effective way to address IPv4 depletion and facilitate IPv6 transition. Several modules can be populated within a chassis for a high-performance solution that can be deployed at places in the network where the best Cisco CGv6 coverage can be obtained.

The Cisco CGSE also supports the Arbor Peakflow SP Threat Management System (TMS) from Arbor Networks, which is licensed by Cisco to provide DDoS mitigation capabilities on Cisco CRS platforms. It provides service providers with the ability to offer:

●Managed DDoS mitigation services to enterprise clients

●Protection of the network backbone and services against attacks originating from both the outside and the inside of the service provider network

The module supports a highly available architecture with line-rate accounting and logging of translation information. Cisco IOS® XR Software on the module offers a flexible way to divert selected packets through the Cisco CGSE while allowing global IPv4 and IPv6 packets to traverse the Cisco CRS forwarding infrastructure as usual.

The powerful performance of the Cisco CGSE helps ensure that the experience of your end-users continues to be optimal for all services you provide.

Cisco CGSE DDoS Mitigation Software

As part of the Arbor Peakflow SP TMS software for DDoS mitigation, the Arbor Peakflow SP Collector Platform appliance monitors the network, performing an analysis of traffic in real-time to detect a comprehensive set of DDoS attack signatures. Upon detecting an attack, it redirects traffic to the threat management system on the Cisco CGSE module or to a bank of Cisco CGSE modules on the Cisco CRS, where the attack is surgically mitigated and clean traffic is re-injected into the network. Figure 2 illustrates how the DDoS mitigation process works.

Figure 2. Cisco CGSE DDoS Mitigation

The main capabilities of the Cisco CGSE DDoS mitigation solution include:

●Throughput: Up to 10 Gbps of DDoS mitigation capability is provided per Cisco CGSE module

●Flexible deployment scenarios: Implement distributed deployment across multiple peering and provider-edge sites to offer mitigation at the point closest to the attack, or centralized deployment with a “scrubbing center” model using a cluster of Cisco CGSE modules in one more Cisco CRS routers

●Comprehensive DDoS mitigation capabilities: The solution addresses the full set of DDoS attack types and includes IPv6 support and an optional Atlas Fingerprints subscription to stay current with the latest attack signatures. For more information, please refer to the Arbor SP Peakflow TMS data sheet

Massive Scalability

As an increasing multitude of subscribers with their numerous applications traverse the network, the Cisco CGSE scales to support this growth:

●Up to 20 million stateful NAT translations per Cisco CGSE module

●Support for tens to hundreds of thousands of private IPv4 subscribers accessing the public IPv4 Internet

●Support for tens to hundreds of thousands of IPv6 subscribers accessing the IPv4 Internet

The Cisco CGSE module is designed for the proven high-end routing platform of the Cisco CRS. It is supported on all the form factors of the Cisco CRS-1 and CRS-3 platforms, including 4-, 8-, and 16-slot and multichassis versions. This breadth of deployment options allows service providers to scale the Cisco CGSE to their appropriate needs. Also, the Cisco CGSE is integrated with the routing intelligence of the Cisco CRS, providing the significant operation efficiencies of a single OS. Because the Cisco CRS platform supports secure domain routers (SDRs), providers have the flexibility to integrate the Cisco CGSE on a virtualized network infrastructure.

The following services are available on the Cisco CGSE (Figure 3):

●Full IPv4 and IPv6 routing and forwarding on the Cisco CRS platform

●Service provider-class NAT44 to address IPv4 depletion based on IETF NAT behaviors as described in RFCs 4787, 5382, and 5508

●IPv6 Rapid Deployment Border Relay (6rd BR, described in RFC 5969)

●Stateful and stateless IPv4 and IPv6 translation based on IETF BEHAVE specifications

●Service provider-class NAT64 translations based on IETF NAT behavior as described in RFC 6146

●Service provider-class Dual-Stack Lite (DSLite) translations based on existing IETF behavior as described in RFCs 6333 and 6334

●Network Positioning System (NPS)

The Cisco CGSE interface module on the Cisco CRS offers service providers a near-term solution to address IPv4 depletion and preserve a service provider’s present mode of operation (PMO). At the same time, it provides one or more methods to offer a low-risk, cost-effective means to activate IPv6 tunneling and translation functions.

Figure 3. Cisco CGv6 Solution

Product Specifications

Table 1 lists the specifications of the Cisco CGSE module.

Table 1.Product Specifications

Feature

Description

Chassis compatibility

Compatible with all current Cisco CRS-1 and CRS-3 line-card chassis

Forwarding-engine compatibility

Compatible with the following forwarding engines: CRS-MSC-40G-B, CRS-MSC-20G-B, and CRS-MSC

Cisco delivers innovative services programs through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services helps you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, contact your local Cisco representative or visit http://www.cisco.com.

For More Information

For more information about the Cisco CRS, other interfaces available for Cisco CRS, or cisco CRS Carrier-Grade Services Engine PLIM, contact your local Cisco representative or visit http://www.cisco.com/go/crs.